US stock market daily report (February 14, 2014, Friday)

Microsoft Corporation (MSFT-Nasdaq) Internet Explorer 9 and Internet Explorer 10 have been found to be subject to exploitation, and users are urged to upgrade to Internet Explorer 11 as soon as possible. The attack requires no user interaction and is dubbed 'Operation SnowMan'. Simply accessing a compromised website, that of the U.S. Veterans of Foreign Wars, is enough to trigger a classic drive-by download attack, which downloads and installs a payload from a remote server.

FireEye Labs announced on Friday its findings on the exploitation of IE9 and IE10, identified on February 11 on a website based in the U.S. The exploit targets IE10 with Adobe Flash. The findings report a zero-day vulnerability, that is, a previously unknown security flaw that is currently being exploited. Reportedly, the attack does not affect all IE versions, and users are urged to upgrade to the latest release, IE11, for added security.

Darien Kindlund, manager of threat intelligence at FireEye, said, "The vulnerability is a previously unknown use-after-free [memory corruption flaw] in Microsoft Internet Explorer event handling. Microsoft is aware and they are working on a fix ASAP." Kindlund added that the exploit was similar to previous attacks, but its specific methodology had not been seen before.

The attack is believed to be a strategic web compromise targeting American military personnel amid a paralyzing snowstorm at the U.S. Capitol in the days leading up to the Presidents Day holiday weekend. FireEye believes the attackers are associated with two previously identified campaigns known as Operation DeputyDog and Operation Ephemeral Hydra. That belief is based on infrastructure overlaps and tradecraft similarities.

After attackers compromised the VFW website, they added an iframe at the beginning of the HTML code that loads the attacker’s page in the background. To complete the exploitation of the VFW website, the attacker’s HTML/JavaScript page runs a Flash object, which calls back to the IE10 vulnerability trigger embedded in the JavaScript. In effect, visitors to the VFW website are silently redirected through an iframe to an exploited website.
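
A defender-side check for the iframe injection described above, as an added example that is not from FireEye or the original report: it scans a page's HTML and flags iframes that are off-site, hidden, or placed before the `<html>` tag. The host names, the sample page and the `audit` helper are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class IframeAudit(HTMLParser):
    """Record iframes that look injected: off-site, hidden, or placed before <html>."""

    def __init__(self, site_host, allowed_hosts=()):
        super().__init__()
        self.trusted = {site_host.lower(), *(h.lower() for h in allowed_hosts)}
        self.seen_html = False
        self.findings = []

    def _is_trusted(self, host):
        # Exact match or subdomain of the site itself or an approved third party.
        return any(host == t or host.endswith("." + t) for t in self.trusted)

    def handle_starttag(self, tag, attrs):
        if tag == "html":
            self.seen_html = True
            return
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        style = a.get("style", "").replace(" ", "").lower()
        reasons = []
        if host and not self._is_trusted(host):   # relative URLs have no host
            reasons.append("off-site src")
        if not self.seen_html:                    # content ahead of the real document
            reasons.append("before <html>")
        if (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                or "display:none" in style or "visibility:hidden" in style):
            reasons.append("hidden")
        if reasons:
            self.findings.append((self.getpos()[0], a.get("src", ""), reasons))

def audit(html, site_host, allowed_hosts=()):
    """Return (line, src, reasons) for every suspicious iframe in the page."""
    parser = IframeAudit(site_host, allowed_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page (not taken from the incident); .invalid hosts are placeholders.
SAMPLE = """<iframe src="http://attacker.invalid/landing.html" width="0" height="0"></iframe>
<!DOCTYPE html>
<html><head><title>Home</title></head>
<body>
<iframe src="/events/calendar.html" width="600" height="400"></iframe>
<iframe src="https://maps.partner.invalid/embed" width="600" height="400"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for line, src, reasons in audit(SAMPLE, "www.site.invalid"):
        print(f"line {line}: {src} -> {', '.join(reasons)}")
```

Run against each published page after deployment and on a schedule, passing known embed providers in `allowed_hosts` so that only unexpected frames are reported.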